The more you share online, the more you open yourself to social engineering If you've seen the viral AI work pic trend where people are asking ChatGPT to "create a caricature of me and my job...
Microsoft has fixed a "remote code execution" vulnerability in Windows 11 Notepad that allowed attackers to execute local or remote programs by tricking users into clicking specially crafted...
Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are...
The AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials. [...]
In this investigation, we tracked a malware spam campaign that ultimately delivers Stealerium, a modular .NET infostealer with a broad feature set: credential theft, keylogging, file grabbing,...
US Border Patrol intelligence units will gain access to a face recognition tool built on billions of images scraped from the internet.
Russia’s communications regulator, Roskomnadzor, confirmed Tuesday that it has deliberately “slowed down” the app, which has nearly 90 million local users, citing the company’s failure to comply...
Microsoft on Tuesday released security updates to address a set of 59 flaws across its software, including six vulnerabilities that it said have been exploited in the wild. Of the 59 flaws, five...
Curious port filtering and traffic patterns suggest advisories weren’t the earliest warning signals sent Telcos likely received advance warning about January's critical Telnet vulnerability before...
The U.S. military’s top EOD technology authority recently warned bomb technicians against uploading restricted technical material into generative artificial intelligence systems — including...
The Senate Intelligence Committee voted on Tuesday to advance President Donald Trump’s pick to be the next head of U.S. Cyber Command and the National Security Agency, sending the nomination to...
Cybersecurity researchers have disclosed details of a new botnet operation called SSHStalker that relies on the Internet Relay Chat (IRC) communication protocol for command-and-control (C2)...
Operational technology (OT) cyberattacks in recent years have been relatively tame, thanks to attackers’ ignorance of bespoke and legacy systems. But there are early indications that attackers are...
Deterring a Russian attack depends not just on NATO’s military forces, but on proof that alliance members can bring new technology to the fight as quickly as Moscow, Adm. Pierre Vandier, who leads...
The Federal Aviation Administration issued unexplained notices late Tuesday closing airspace over El Paso and a large patch of southern New Mexico west of Santa Teresa for 10 days. El Paso...
I just noticed that the ebook version of Rewriring Democracy is on sale for $5 on Amazon, Apple Books, Barnes & Noble, Books A Million, Google Play, Kobo, and presumably everywhere else in the US....
A member of the Crazy ransomware gang is abusing legitimate employee monitoring software and the SimpleHelp remote support tool to maintain persistence in corporate networks, evade detection, and...
The Netherlands Police have arrested a a 21-year-old man from Dordrecht, suspected of selling access to the JokerOTP phishing automation tool that can intercept one-time passwords (OTP) for...
We disclose new details about campaigns involving RenEngine and HijackLoader malware. Since March 2025, attackers have been distributing the Lumma stealer in a complex chain of infections, and in...
Bitdefender researchers have discovered a surge in LummaStealer activity, showing how one of the world's most prolific information-stealing malware operations managed to survive despite being...
In an era defined by rapid digitization, the electric power sector is increasingly looking to its analog past to secure its future. During the latest episode of the Cyber Focus podcast, Scott...
Adobe security advisory (AV26-115)
For years, many government contractors treated cybersecurity compliance as a technical checklist, important, certainly, but often siloed within IT departments. That mindset is no longer tenable....
GitLab security advisory (AV26-114)
Attackers using social engineering to exploit business processes, rather than tunnelling in via tech Exclusive When fraudsters go after people's paychecks, "every employee on earth becomes a...
It takes legendary defenses to keep security nightmares at bay
Cyber resilience means anticipating threats, detecting them early, and recovering fast when incidents occur. Wazuh shows how its open source SIEM and XDR unify visibility, detection, and automated...
RESEARCH DISCLAIMER: This analysis examines the most recent and actively maintained repositories of OTP & SMS bombing tools to understand current attack capabilities and targeting patterns. All...
Ashden Fein, Jess Gonzalez Valenzuela, Analese Bridges, John Webster Leslie, and Claire O’Rourke of Covington and Burling write: The Cybersecurity Information Sharing Act of 2015 (“CISA 2015”),...
The North Korea-linked threat actor known as UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data from Windows and macOS systems with the ultimate goal of...